request when DIAEnergie is configured to expose an external database. DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network request when DIAEnergie is configured to expose an external database. CVE-2017-15915 Delta Electronics DIAEnergie versions prior to v1.9.02.001 allow SQL injection due to a configuration issue in the DIAEnergie REST API. An attacker can send a malicious request to the DIAEnergie REST API when DIAEnergie is configured to expose an external database. The REST API can be used to exploit the issue. DIAEnergie versions prior to v1.9.02.001 allow SQL injection due to a configuration issue in the DIAEnergie REST API. An attacker can send a malicious request to the DIAEnergie REST API when DIAEnergie is configured to expose an external database. The REST API can be used to exploit the issue. CVE-2017-15916 Delta Electronics DIAEnergie versions prior to v1.9.02.001 allow SQL injection due to a configuration issue in the DIAEnergie REST API. An attacker can send a malicious request to the DIAEnergie REST API when DIAEnergie is configured to expose an external database. The REST API can be used to exploit the issue. DIAEner
Summary
DIAEnergie versions prior to v1.9.02.001 allow an attacker to inject SQL queries due to a configuration issue in the DIAEnergie REST API. An attacker can send a malicious request to the DIAEnergie REST API when DIAEnergie is configured to expose an external database. The REST API can be used to exploit the issue.
CVE-2022-43452
request when DIAEnergie is configured to expose an external database. DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network request when DIAEnergie is configured to expose an external database. CVE-2017-15915 Delta Electronics DIAEnergie versions prior to v1.9.02.001 allow SQL injection due to a configuration issue in the DIAEnergie REST API. An attacker can send a malicious request to the DIAEnergie REST API when DIAEnergie is configured to expose an external database. The REST API can be used to exploit the issue.
CVE-2017-15916 Delta Electronics DIAEnergie versions prior to v1.9.02.001 allow SQL injection due to a configuration issue in the DIAEnergie REST API
SQL Injection
A SQL injection is when an application takes untrusted data and uses its own logic to process it. When this occurs, the application processes data that was intended for another application. This can lead to a hacker running commands on the database of the application they are attacking. For example, if a user goes to a website that allows a user to enter their email address or password, SQL injection can occur. This would allow the attacker to run commands on the database of the website and steal sensitive data like passwords and emails.
When DIAEnergie versions prior to v1.9.02.001 allow an attack due to configuration issue in REST API, an attacker can send a malicious request when DIAEnergie is configured to expose an external database. The REST API can be used exploit the issue by running commands on the database of DIAEnergie.
Timeline
Published on: 11/17/2022 23:15:00 UTC
Last modified on: 11/18/2022 18:33:00 UTC